From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Date: Fri, 20 Jan 2017 17:03:45 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r312542 - projects/ipsec/lib/libipsec

Author: ae
Date: Fri Jan 20 17:03:44 2017
New Revision: 312542
URL: https://svnweb.freebsd.org/changeset/base/312542

Log:
  Since NAT-T support is now always enabled, add related information
  to the `setkey -D` output.

Modified:
  projects/ipsec/lib/libipsec/pfkey.c
  projects/ipsec/lib/libipsec/pfkey_dump.c

Modified: projects/ipsec/lib/libipsec/pfkey.c
==============================================================================
--- projects/ipsec/lib/libipsec/pfkey.c	Fri Jan 20 16:52:34 2017	(r312541)
+++ projects/ipsec/lib/libipsec/pfkey.c	Fri Jan 20 17:03:44 2017	(r312542)
@@ -1776,21 +1776,15 @@ pfkey_align(msg, mhp)
 		case SADB_EXT_SPIRANGE:
 		case SADB_X_EXT_POLICY:
 		case SADB_X_EXT_SA2:
-		case SADB_X_EXT_SA_REPLAY:
-			mhp[ext->sadb_ext_type] = (caddr_t)ext;
-			break;
 		case SADB_X_EXT_NAT_T_TYPE:
 		case SADB_X_EXT_NAT_T_SPORT:
 		case SADB_X_EXT_NAT_T_DPORT:
-		/* case SADB_X_EXT_NAT_T_OA: is OAI */
 		case SADB_X_EXT_NAT_T_OAI:
 		case SADB_X_EXT_NAT_T_OAR:
 		case SADB_X_EXT_NAT_T_FRAG:
-			if (feature_present("ipsec_natt")) {
-				mhp[ext->sadb_ext_type] = (caddr_t)ext;
-				break;
-			}
-			/* FALLTHROUGH */
+		case SADB_X_EXT_SA_REPLAY:
+			mhp[ext->sadb_ext_type] = (caddr_t)ext;
+			break;
 		default:
 			__ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
 			return -1;
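Review bot: The merged arm `mhp[ext->sadb_ext_type] = (caddr_t)ext;` now records every NAT-T extension, but no per-type minimum length check is visible before the store, and pfkey_sadump in this same commit then reads `natt_sport->sadb_x_nat_t_port_port` and passes `natt_oai + 1` / `natt_oar + 1` to str_ipaddr(). Any bounds checks pfkey_align performs sit above the switch, outside this hunk, so this may already be covered. If they only bound the extension against the end of the message, an undersized extension would be read as the larger struct. I would confirm that and, if it is not covered, compare `ext->sadb_ext_len` (in 64-bit units) against the size of the struct each type is later cast to before storing the pointer. The same concern applies to the casts added in the pfkey_dump.c hunks at -245 and -282.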

Modified: projects/ipsec/lib/libipsec/pfkey_dump.c
==============================================================================
--- projects/ipsec/lib/libipsec/pfkey_dump.c	Fri Jan 20 16:52:34 2017	(r312541)
+++ projects/ipsec/lib/libipsec/pfkey_dump.c	Fri Jan 20 17:03:44 2017	(r312542)
@@ -220,6 +220,9 @@ pfkey_sadump(m)
 	struct sadb_ident *m_sid, *m_did;
 	struct sadb_sens *m_sens;
 	struct sadb_x_sa_replay *m_sa_replay;
+	struct sadb_x_nat_t_type *natt_type;
+	struct sadb_x_nat_t_port *natt_sport, *natt_dport;
+	struct sadb_address *natt_oai, *natt_oar;
 
 	/* check pfkey message. */
 	if (pfkey_align(m, mhp)) {
@@ -245,33 +248,46 @@ pfkey_sadump(m)
 	m_did = (struct sadb_ident *)mhp[SADB_EXT_IDENTITY_DST];
 	m_sens = (struct sadb_sens *)mhp[SADB_EXT_SENSITIVITY];
 	m_sa_replay = (struct sadb_x_sa_replay *)mhp[SADB_X_EXT_SA_REPLAY];
+	natt_type = (struct sadb_x_nat_t_type *)mhp[SADB_X_EXT_NAT_T_TYPE];
+	natt_sport = (struct sadb_x_nat_t_port *)mhp[SADB_X_EXT_NAT_T_SPORT];
+	natt_dport = (struct sadb_x_nat_t_port *)mhp[SADB_X_EXT_NAT_T_DPORT];
+	natt_oai = (struct sadb_address *)mhp[SADB_X_EXT_NAT_T_OAI];
+	natt_oar = (struct sadb_address *)mhp[SADB_X_EXT_NAT_T_OAR];
+
 
 	/* source address */
 	if (m_saddr == NULL) {
 		printf("no ADDRESS_SRC extension.\n");
 		return;
 	}
-	printf("%s ", str_ipaddr((struct sockaddr *)(m_saddr + 1)));
+	printf("%s", str_ipaddr((struct sockaddr *)(m_saddr + 1)));
+	if (natt_type != NULL && natt_sport != NULL)
+		printf("[%u]", ntohs(natt_sport->sadb_x_nat_t_port_port));
 
 	/* destination address */
 	if (m_daddr == NULL) {
-		printf("no ADDRESS_DST extension.\n");
+		printf("\nno ADDRESS_DST extension.\n");
 		return;
 	}
-	printf("%s ", str_ipaddr((struct sockaddr *)(m_daddr + 1)));
+	printf(" %s", str_ipaddr((struct sockaddr *)(m_daddr + 1)));
+	if (natt_type != NULL && natt_dport != NULL)
+		printf("[%u]", ntohs(natt_dport->sadb_x_nat_t_port_port));
 
 	/* SA type */
 	if (m_sa == NULL) {
-		printf("no SA extension.\n");
+		printf("\nno SA extension.\n");
 		return;
 	}
 	if (m_sa2 == NULL) {
-		printf("no SA2 extension.\n");
+		printf("\nno SA2 extension.\n");
 		return;
 	}
 	printf("\n\t");
 
-	GETMSGSTR(str_satype, m->sadb_msg_satype);
+	if (m->sadb_msg_satype == SADB_SATYPE_ESP && natt_type != NULL)
+		printf("esp-udp ");
+	else
+		GETMSGSTR(str_satype, m->sadb_msg_satype);
 
 	printf("mode=");
 	GETMSGSTR(str_mode, m_sa2->sadb_x_sa2_mode);
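Review bot: The new `if`/`else` around the SA type leaves the `GETMSGSTR(...)` macro call as an unbraced `else` body, and the macro is defined outside this hunk, so whether it expands to a single statement cannot be checked here. Bracing both arms keeps the branch correct whatever the expansion is: `if (...) { printf("esp-udp "); } else { GETMSGSTR(str_satype, m->sadb_msg_satype); }`. The blank line added after the `natt_oar` assignment also leaves two consecutive empty lines. pfkey_sadump starts and ends outside the hunk.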
@@ -282,6 +298,18 @@ pfkey_sadump(m)
 		(u_int32_t)m_sa2->sadb_x_sa2_reqid,
 		(u_int32_t)m_sa2->sadb_x_sa2_reqid);
 
+	/* other NAT-T information */
+	if (natt_type != NULL && (natt_oai != NULL || natt_oar != NULL)) {
+		printf("\tNAT:");
+		if (natt_oai != NULL)
+			printf(" OAI=%s",
+			    str_ipaddr((struct sockaddr *)(natt_oai + 1)));
+		if (natt_oar != NULL)
+			printf(" OAR=%s",
+			    str_ipaddr((struct sockaddr *)(natt_oar + 1)));
+		printf("\n");
+	}
+
 	/* encryption key */
 	if (m->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
 		printf("\tC: ");
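Review bot: The comment `/* other NAT-T information */` does not say what OAI and OAR are, and those abbreviations go straight into the `setkey -D` output. A comment such as `/* NAT-T original addresses (NAT-OA): OAI = initiator, OAR = responder */` would make the block readable without the PF_KEY headers. I am inferring the expansion from the extension names, so please confirm it. The enclosing function continues outside the hunk.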